Taming the Permissions Beast

Permissions are a beast. Powerful, useful, essential to your site, but a nightmare to manage. If you’ve ever built a Drupal site, you’ve probably languished at the wall of checkboxes on the permissions page. While Drupal 8 brought many fantastic improvements across the board, the permissions user experience remains pretty much unchanged.

In this session, we’re going to attempt to tame that beast. We’ll take a multi-faceted and in-depth look at permissions in Drupal, with an emphasis on Drupal 8. We’ll go over easy-to-implement strategies and design patterns for mitigating permissions-related pain points, including common mistakes and bad design decisions (hint: Drupal roles are not job titles, they’re responsibilities).

We’ll also look at the code for creating new permissions and taking advantage dynamic permissions. Finally, we’ll close with how to enforce access control on your routes, entities, and forms.

By the end of this session, you should have some key takeaways for designing scalable, flexible, and most importantly, secure permissions systems for your Drupal sites.

Attendees need not have a strong development background, but those that do should also feel confident that they can learn something as well.